To: Alejandro Lucero, Pallantla Poornima
Cc: dev, reshma.pattan@intel.com, dpdk stable
References: <1552040885-15275-1-git-send-email-pallantlax.poornima@intel.com>
From: Ferruh Yigit
Message-ID: <9d7768f6-b285-a420-1a3c-ae2fd39b256c@intel.com>
Date: Tue, 19 Mar 2019 17:43:11 +0000
Subject: Re: [dpdk-dev] [dpdk-stable] [PATCH v2] net/nfp: fix possible buffer overflow

On 3/12/2019 9:56 AM, Alejandro Lucero
wrote: > On Fri, Mar 8, 2019 at 10:28 AM Pallantla Poornima < > pallantlax.poornima@intel.com> wrote: > >> sprintf function is not secure as it doesn't check the length of string. >> More secure function snprintf is used. >> >> Fixes: 896c265ef9 ("net/nfp: use new CPP interface") >> Fixes: c4171b520b ("net/nfp: support PF multiport") >> Cc: stable@dpdk.org >> >> Signed-off-by: Pallantla Poornima >> --- >> v2: updated title as suggested. >> --- >> drivers/net/nfp/nfp_net.c | 20 ++++++++++++-------- >> 1 file changed, 12 insertions(+), 8 deletions(-) >> >> diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c >> index a791e95e2..f63def5ef 100644 >> --- a/drivers/net/nfp/nfp_net.c >> +++ b/drivers/net/nfp/nfp_net.c >> @@ -3318,9 +3318,9 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int >> port, int ports, >> return -ENOMEM; >> >> if (ports > 1) >> - sprintf(port_name, "%s_port%d", dev->device.name, port); >> + snprintf(port_name, 100, "%s_port%d", dev->device.name, >> port); >> else >> - sprintf(port_name, "%s", dev->device.name); >> + strlcat(port_name, dev->device.name, 100); >> >> >> if (rte_eal_process_type() == RTE_PROC_PRIMARY) { >> @@ -3433,12 +3433,14 @@ nfp_fw_upload(struct rte_pci_device *dev, struct >> nfp_nsp *nsp, char *card) >> /* Looking for firmware file in order of priority */ >> >> /* First try to find a firmware image specific for this device */ >> - sprintf(serial, "serial-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x", >> + snprintf(serial, sizeof(serial), >> + "serial-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x", >> cpp->serial[0], cpp->serial[1], cpp->serial[2], >> cpp->serial[3], >> cpp->serial[4], cpp->serial[5], cpp->interface >> 8, >> cpp->interface & 0xff); >> >> - sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial); >> + snprintf(fw_name, sizeof(fw_name), "%s/%s.nffw", DEFAULT_FW_PATH, >> + serial); >> >> PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); >> fw_f = open(fw_name, O_RDONLY); 
>> @@ -3446,7 +3448,8 @@ nfp_fw_upload(struct rte_pci_device *dev, struct >> nfp_nsp *nsp, char *card) >> goto read_fw; >> >> /* Then try the PCI name */ >> - sprintf(fw_name, "%s/pci-%s.nffw", DEFAULT_FW_PATH, dev-> >> device.name); >> + snprintf(fw_name, sizeof(fw_name), "%s/pci-%s.nffw", >> DEFAULT_FW_PATH, >> + dev->device.name); >> >> PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); >> fw_f = open(fw_name, O_RDONLY); >> @@ -3454,7 +3457,7 @@ nfp_fw_upload(struct rte_pci_device *dev, struct >> nfp_nsp *nsp, char *card) >> goto read_fw; >> >> /* Finally try the card type and media */ >> - sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card); >> + snprintf(fw_name, sizeof(fw_name), "%s/%s", DEFAULT_FW_PATH, card); >> PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); >> fw_f = open(fw_name, O_RDONLY); >> if (fw_f < 0) { >> @@ -3530,8 +3533,9 @@ nfp_fw_setup(struct rte_pci_device *dev, struct >> nfp_cpp *cpp, >> >> PMD_DRV_LOG(INFO, "Port speed: %u", nfp_eth_table->ports[0].speed); >> >> - sprintf(card_desc, "nic_%s_%dx%d.nffw", nfp_fw_model, >> - nfp_eth_table->count, nfp_eth_table->ports[0].speed / >> 1000); >> + snprintf(card_desc, sizeof(card_desc), "nic_%s_%dx%d.nffw", >> + nfp_fw_model, nfp_eth_table->count, >> + nfp_eth_table->ports[0].speed / 1000); >> >> nsp = nfp_nsp_open(cpp); >> if (!nsp) { >> -- >> 2.17.2 >> >>
>
> I got a compilation error when applying this patch: strlcat cannot be
> found.
>
> I guess this patch requires checking for system library versions.
>

Hi Alejandro,

Linux doesn't have 'strlcat', but there is a DPDK implementation of it, which comes with the '#include ' header that is already included in this file.

'strlcat' support is added in this release, 19.05; could you be using old code? Can you please double-check the build with the latest code?

Thanks,
ferruh
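
Review bot: in the else branch of the nfp_pf_create_dev hunk, strlcat(port_name, dev->device.name, 100) appends to whatever port_name already holds, whereas the sprintf(port_name, "%s", ...) it replaces overwrote the buffer. The two only agree if port_name is guaranteed to be an empty string at this point, which the visible lines do not establish; strlcpy, or snprintf with "%s", would keep the copy semantics. The literal 100 in both new calls should be a named constant shared with wherever port_name is sized, so the bound cannot drift from the buffer.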
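
Review bot: in the three nfp_fw_upload hunks the snprintf return value is discarded, so a truncated fw_name is passed straight to open() and the driver would try a path other than the one it meant to build. Compare the return value against sizeof(fw_name) and skip that candidate, or fail, when it does not fit. sizeof(serial) and sizeof(fw_name) are also correct only if both are arrays in this function; their declarations are outside the visible context, so confirm neither is a pointer.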
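
Review bot: in the nfp_fw_setup hunk, the format string prints nfp_eth_table->ports[0].speed / 1000 with %d while the PMD_DRV_LOG line just above prints the same speed field with %u; use the specifier that matches the field's type in both places. The snprintf result is unchecked here as well, and a truncated card_desc would lose its .nffw suffix, so treat a return value at or above sizeof(card_desc) as an error.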
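
An added example, not code from the patch or from DPDK, covering the two behaviours this thread turns on: detecting truncation from snprintf's return value, and strlcat appending rather than copying. `build_fw_path`, `demo_strlcat` (a local stand-in, not DPDK's implementation), `append_differs_from_copy` and all sample paths are hypothetical and constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: build "<dir>/<name>.nffw". Returns 0 on success,
 * -1 when the result did not fit and dst must not be used as a path. */
static int build_fw_path(char *dst, size_t len, const char *dir, const char *name)
{
    int n = snprintf(dst, len, "%s/%s.nffw", dir, name);
    /* snprintf returns the length it needed, excluding the NUL. */
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Local stand-in with strlcat semantics: append to the existing string,
 * always NUL-terminate, return the length it tried to create. */
static size_t demo_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0, slen = strlen(src), room, ncopy;

    while (dlen < size && dst[dlen] != '\0')
        dlen++;
    if (dlen == size)           /* no terminator in dst: nothing to append to */
        return size + slen;
    room = size - dlen - 1;
    ncopy = slen < room ? slen : room;
    memcpy(dst + dlen, src, ncopy);
    dst[dlen + ncopy] = '\0';
    return dlen + slen;
}

/* Returns 1 when appending src to a buffer holding `initial` gives a
 * result other than src itself, i.e. when the append is not a plain copy. */
static int append_differs_from_copy(const char *initial, const char *src)
{
    char buf[64];
    snprintf(buf, sizeof(buf), "%s", initial);
    demo_strlcat(buf, src, sizeof(buf));
    return strcmp(buf, src) != 0;
}

int main(void)
{
    char path[24];  /* constructed, deliberately small */
    printf("fits: %d\n", build_fw_path(path, sizeof(path), "/opt/fw", "nic_x"));
    printf("too long: %d\n",
           build_fw_path(path, sizeof(path), "/opt/firmware/vendor", "nic_x"));
    printf("append on stale buffer differs: %d\n",
           append_differs_from_copy("stale", "0000:03:00.0"));
    return 0;
}
```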